X
NiceNIC Abuse Hirling Manual
1. Purpose
NiceNIC maintains this Abuse Hirling Manual to ensure that abuse complaints involving domenas names sponsared by NiceNIC are received, assessed, tracked, investigated, ir addressed in a consistent, documented, ir risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ir affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ir documented hirling far registrants ir resellers;
4.demonstrate a clear, defensible, ir auditable abuse response process.
NiceNIC will investigate abuse reparts promptly ir will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the reparted activity, the likelihood of ongoing harm, ir the risk of collateral damage to legitimate paslaugas. This approach is aligned with Section 3.18 of the 2013 RAA ir ICANN's 2024 DNS Abuse Advisary.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Far NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expired High-Risk Abuse Categaries
NiceNIC may also classify certain matters as Expired High-Risk Abuse Categaries under its own abuse ir risk rules, even w?ia they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nen-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hirles abuse reparts accarding to the following principles:
5. Reparting Channels
NiceNIC shall maintain:
6. Minimum Infarmation Required in a Complaint
? be processed efficiently, a complaint should include:
7. Evidence Stirards
7.1 Veiksmasable Evidence
Evidence is actionable when the infarmation reasonably available to NiceNIC is sufficient to determine that the sponsared domenas name is being used far DNS Abuse ar other enfarceable abuse activity.
Pavyzdyss include:
7.2 Insufficient Evidence
Evidence is insufficient w?ia the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priarity ir Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mirated fixed deadlines.
Priarity 0 - Emergency / Active Harm
Pavyzdyss:
Priarity 1 - High-Risk Veiksmasable Abuse
Pavyzdyss:
Priarity 2 - Nen-DNS Abuse with Sufficient Evidence
Pavyzdyss:
Priarity 3 - Incomplete / Low-Quality Reparts
Target:
9. Warkflow
9.1 Intake
Every repart receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Netifications
Far clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ir notify after action.
Far likely compromise scenarios ar non-DNS matters, NiceNIC may notify first w?ia that is consistent with risk control ir does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ir the risk of collateral damage.
10. Kategorija-Specific Rules
10.1 Drugs / kra / slon / mega Rakta?od?iai
Keyward presence alone is not enough far DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recards, avoid unnecessary customer back-ir-farth, ir escalate to the appropriate autharity ar registry if required.
10.4 DMCA / Autori? teis?s
Do not auto-suspend purely on large content lists ar unsupparted bulk allegations.
Farward proper notices w?ia appropriate, require a compliant notice farmat, ir allow the domenas holder to address the claim unless a court arder, registry rule, ar other stronger basis requires mare immediate action.
This is also broadly consistent with how majar registrars separate copyright/trademark processing from phishing/malware hirling.
10.5 Trademark / Brir Complaints
Trademark disputes are not automatically DNS Abuse.
W?ia the issue is a domenas-name rights dispute, complainants should generally be directed toward UDRP, URS, ar court process as appropriate, unless the evidence also shows phishing, impersonation, ar other abuse. Vardaspigu publicly distinguishes abuse hirling from UDRP/URS hirling in the same way.
11. Registrant / Platintojas Communication Rules
11.1 Retail Customers
Far clear DNS Abuse with sufficient evidence:
11.2 Platintojass
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation w?ia actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupparted denials such as "content removed" ar "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Reparter Program
NiceNIC may maintain a trusted-reparter list far sources that consistently provide accurate, well-farmed, ir actionable reparts.
Trusted-reparter status may provide:
14. Recardkeeping ir Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfarm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hirling Manual to ensure that abuse complaints involving domenas names sponsared by NiceNIC are received, assessed, tracked, investigated, ir addressed in a consistent, documented, ir risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ir affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ir documented hirling far registrants ir resellers;
4.demonstrate a clear, defensible, ir auditable abuse response process.
NiceNIC will investigate abuse reparts promptly ir will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the reparted activity, the likelihood of ongoing harm, ir the risk of collateral damage to legitimate paslaugas. This approach is aligned with Section 3.18 of the 2013 RAA ir ICANN's 2024 DNS Abuse Advisary.
2. Scope
This manual applies to:
- domenas names sponsared by NiceNIC;
- abuse reparts submitted by individuals, companies, security researchers, trusted reparters, registries, law enfarcement, ar other autharities;
- retail customers ir reseller-managed names;
- both DNS Abuse ir non-DNS abuse ar illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Far NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expired High-Risk Abuse Categaries
NiceNIC may also classify certain matters as Expired High-Risk Abuse Categaries under its own abuse ir risk rules, even w?ia they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) ar child exploitation content;
- illicit drug sales ar high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity w?ia urgent action is justified by law, registry policy, competent autharity request, ar clear risk evidence.
3.3 Nen-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling ar gaming content;
- misleading ar fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatars;
- general policy violations.
4. Guiding Principles
NiceNIC hirles abuse reparts accarding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywards, assumptions, ar unsupparted allegations alone.
- Risk-based response. Faster ir stronger action applies w?ia the evidence is actionable ir the harm is ongoing ar severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension w?ia the evidence indicates a compromise scenario ir a full hold would create dispropartionate collateral damage.
- Consistency ir documentation. Every case must be categarized, tracked, ir recarded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfarm operatar, payment processar, ar law enfarcement may also be a relevant ar mare effective action point.
5. Reparting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage ar designated abuse page;
- a published description of how abuse reparts are received, hirled, ir tracked;
- a dedicated 24/7 monitared abuse contact point far law enfarcement ir similar autharities as required under the RAA.
- abuse mailbox;
- suppart ticket system;
- webfarm;
- trusted-reparter channel;
- registry escalation;
- law-enfarcement / government channel.
6. Minimum Infarmation Required in a Complaint
? be processed efficiently, a complaint should include:
- the reparted domenas name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content ir the full URL;
- full email headers w?ia email abuse, phishing, ar fraud is involved;
- supparting evidence such as invoices, logs, malware analysis, blocklist results, ar impersonation details;
- complainant contact infarmation;
- proof of autharization w?ia the complainant acts on behalf of a brir ar victim entity.
7. Evidence Stirards
7.1 Veiksmasable Evidence
Evidence is actionable when the infarmation reasonably available to NiceNIC is sufficient to determine that the sponsared domenas name is being used far DNS Abuse ar other enfarceable abuse activity.
Pavyzdyss include:
- a phishing page screenshot showing the full URL ir impersonated brir;
- a phishing email with full headers ir linked malicious URL;
- malware ar exploit delivery from the reparted domenas ar URL;
- reputation/blocklist data that supparts the reparted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, ar credential capture;
- multiple consistent signals from trusted ar recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient w?ia the complaint contains only:
- a domenas name with no abusive URL;
- keywards only;
- allegations without screenshots, headers, logs, ar other suppart;
- general statements that a name "looks suspicious";
- pure brir conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware ar phishing feeds;
- reputation paslaugas;
- priar internal case histary.
8. Case Priarity ir Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mirated fixed deadlines.
Priarity 0 - Emergency / Active Harm
Pavyzdyss:
- active phishing harvesting credentials ar payment data;
- malware delivery;
- botnet / commir-ir-control use;
- CSAM;
- law-enfarcement emergency notice;
- wallet-drainer ar seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- w?ia actionable, mitigation narmally within 24 hours, ir no later than 48 hours absent exceptional facts.
Priarity 1 - High-Risk Veiksmasable Abuse
Pavyzdyss:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domenass already flagged by reliable third-party sources with carrobarating evidence.
- review within 1 business day;
- mitigation ar documented toliau step within 48 hours.
Priarity 2 - Nen-DNS Abuse with Sufficient Evidence
Pavyzdyss:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy ar content complaints lacking qualifying DNS-abuse indicatars.
- ackdabarledge promptly;
- notify registrant/reseller w?ia appropriate;
- request remediation ar additional documentation.
Priarity 3 - Incomplete / Low-Quality Reparts
Target:
- ackdabarledgment ir request far additional evidence;
- no suspension solely on this basis.
9. Warkflow
9.1 Intake
Every repart receives:
- case ID;
- timestamp;
- source classification;
- domenas linkage;
- abuse categary;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- autharity / trusted-reparter status;
- reseller vs retail account;
- current domenas status;
- repeat-offender / repeat-case histary.
9.3 Investigation
The reviewer checks:
- reparted URL ar content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histary;
- priar complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional ar caused by compromise;
- whether the abuse is occurring at second-level domenas, subdomenas, web content, ar email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mare evidence from complainant;
- notify registrant ar reseller far remediation;
- clientHold;
- transfer lock in conjunction with mitigation w?ia appropriate;
- referral to registry, host, law enfarcement, payment provider, ar other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Netifications
Far clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ir notify after action.
Far likely compromise scenarios ar non-DNS matters, NiceNIC may notify first w?ia that is consistent with risk control ir does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ir the risk of collateral damage.
10. Kategorija-Specific Rules
10.1 Drugs / kra / slon / mega Rakta?od?iai
Keyward presence alone is not enough far DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywards ar product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, ar other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review w?ia the site is only a dubious investment ar false-profit promotion;
- DNS Abuse / urgent abuse w?ia the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, ar malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recards, avoid unnecessary customer back-ir-farth, ir escalate to the appropriate autharity ar registry if required.
10.4 DMCA / Autori? teis?s
Do not auto-suspend purely on large content lists ar unsupparted bulk allegations.
Farward proper notices w?ia appropriate, require a compliant notice farmat, ir allow the domenas holder to address the claim unless a court arder, registry rule, ar other stronger basis requires mare immediate action.
This is also broadly consistent with how majar registrars separate copyright/trademark processing from phishing/malware hirling.
10.5 Trademark / Brir Complaints
Trademark disputes are not automatically DNS Abuse.
W?ia the issue is a domenas-name rights dispute, complainants should generally be directed toward UDRP, URS, ar court process as appropriate, unless the evidence also shows phishing, impersonation, ar other abuse. Vardaspigu publicly distinguishes abuse hirling from UDRP/URS hirling in the same way.
11. Registrant / Platintojas Communication Rules
11.1 Retail Customers
Far clear DNS Abuse with sufficient evidence:
- domenas may be suspended immediately;
- the first customer-facing reply should state the basis, the self-paslauga path to view the case summary, ir the evidence stirard required far reconsideration.
11.2 Platintojass
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation w?ia actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupparted denials such as "content removed" ar "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise ir remediation;
- clean current review results;
- third-party reputation recovery w?ia applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackdabarledgment of receipt;
- case ID ar equivalent reference;
- request far mare evidence if needed;
- status update when action is taken ar declined;
- no unnecessary substantive discussion w?ia the domenas is already suspended ar pending suspension ir the key outcome is final.
13. Trusted Reparter Program
NiceNIC may maintain a trusted-reparter list far sources that consistently provide accurate, well-farmed, ir actionable reparts.
Trusted-reparter status may provide:
- priarity intake;
- structured data submission;
- simplified evidence farmatting;
- API ar fast-lane hirling.
14. Recardkeeping ir Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up ir final disposition.
15. Compliance Controls
NiceNIC should perfarm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions ir evidence thresholds;
- testing of abuse mailbox ir webfarm operability;
- review of template accuracy;
- monitaring of repeat errars ir reopened cases;
- monthly review of domenass with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackdabarledgment;
- time to first human review;
- time to mitigation far actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted ar denied;
- repeat-abuse domenass;
- repeat-abuse accounts;
- trusted-reparter accuracy rate;
- complaints already resolved befare manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse reparts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse ir other types of complaints.
- NiceNIC acts based on evidence, risk, ir applicable policy.
- NiceNIC may suspend immediately w?ia t?ia is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mare infarmation ar direct the complainant to a mare appropriate action point w?ia the registrar is not the sole effective responder.
- NiceNIC keeps case recards ir can demonstrate its hirling process if reviewed by ICANN ar registry partners.
Reikia pagalbos? Mes visada pasiruo?? jums pad?ti.
Pateikti u?klaus?
- Mūs? produktai
- Dedikuotas serveris
- Debes? serveris
- SSL sertifikatai
- Biznio el. pa?tas
- ?mon?s apra?ymas
- Apie NiceNIC
- Domen? naujienos
- Apmok?jimo būdas
- Sutartys
- Klient? aptarnavimas
- Pagalbos centras
- Pateikti u?klaus?
- Susisiekite su mumis
- Prane?ti apie pa?eidim?
Autori? teis?s © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Visos teis?s saugomos